On July 15, several high-profile Twitter accounts were hacked to spread a cryptocurrency scam. Twitter has enterprise-level network security, so how did hackers gain access to these profiles? Twitter reported that the hackers used an internal admin tool to gain access to the accounts. Specifically, the company tweeted that “a coordinated social engineering attack” on employees gave a hacker “access to internal systems and tools.”
Cybercriminals and data thieves are experts at abusing the vulnerabilities of laptops and mobile devices. Data breaches and interruptions for businesses of all sizes are at a record high. Could your company safely recover from identity theft, malicious emails, or compromised vendor data?
Threats to Your Computer Support
Research conducted by the National Cyber Security Alliance found that:
1) Almost 50 percent of small businesses have experienced a cyber attack.
2) More than 70 percent of the attacks target small businesses.
3) As much as 60 percent of hacked small and medium-sized businesses go out of business after six months.
Symantec, the company behind NortonLifeLock, tracks cyber threats through a global network of 98+ million sensors. It found more than 375 million new unique malware combinations in 2016, including 98 million bots and 1.1 billion compromised identities. A staggering 76% of all scanned web sites had vulnerabilities that left them susceptible to attacks.
According to Symantec, “Perhaps what is most remarkable is that these numbers no longer surprise us. As real-life and online become indistinguishable from each other, cybercrime has become a part of our daily lives. Attacks against businesses and nations hit the headlines with such regularity that we’ve become numb to the sheer volume and acceleration of cyber threats.”
Similarly, I.T. company blogs are an excellent resource for staying ahead of cybersecurity trends to protect your business.
Why Do You Need a Disaster Recovery Plan?
It’s not a matter of “if,” but a matter of “when” your company will face a cyber-attack.
Backup and disaster recovery are two separate things. Each serves different functions to help keep your company running following a crisis. Backup is the act of copying your data. With multiple copies of your data available, you’ll be able to access vital information in case of accidental deletion, server problems, or data corruption.
A disaster recovery plan gets your I.T. network up and running after an incident as soon as possible. Also, Forbes reports that one in three businesses faces a disaster because they don’t have an adequate or updated managed services plan. According to FEMA, of those companies that don’t have a plan, 90 percent fail following a cyberattack.
Essential Technology Outages
These data disasters can come in many forms, including hardware and software failures, cybersecurity breaches, and natural disasters. These disasters create downtime, which causes your company to lose money. According to Gartner, I.T. downtime costs a business an average of $5,600 per minute.
As companies continue to do more work online, it creates more opportunities for data breaches and other cyberattacks—Verizon’s “2019 Data Breach Investigations Report,” 43 percent of breaches involved small businesses. For example, hackers can use ransomware to block access to computers or data in exchange for money, use spyware to copy data off your hard drive, and steal passwords and credit card numbers using phishing techniques.
When the time comes, and your business is experiencing a data disaster, will you be ready? To prepare for the worst, companies need to have a backup and disaster recovery plan in place. Follow these steps to stay in control of your company’s response and reduce your downtime:
1) Identify the scope of the attack.
It’s essential to have an incident response team in place that can immediately swing into action following a cyberattack. Quick response is the key to limiting damages. According to a Ponemon Institute study, incident response teams significantly reduced the cost of a data breach, saving affected companies nearly $400,000 on average. Here are the first critical steps your organization should take:
1) Identify the compromised systems.
2) Investigate the I.P. addresses used in the attack.
3) Determine the type of attack, e.g., virus, malware, unauthorized access, etc.
Once you know the details of the threat, you can immediately warn other users on the network. Inform them what type of attack to look for and how to avoid it.
2) Roll out damage control.
Don’t panic and shut down your entire network. Doing so could risk missed deadlines, angry customers, and damage to your reputation. Instead, get busy isolating and mitigating damage to affected systems.
Don’t hesitate to notify customers and stakeholders of the attack. Above all, it’s better to admit to a data breach upfront rather than keep the attack a secret. Should news get out that you’ve tried to cover up a security breach, your company’s integrity could take a big hit.
Quarantine all infected computers or impacted applications on the network. By isolating affected systems, you can contain the damage and prevent any virus or malware from spreading. Your incident response team should also look for backdoors that hackers may have set up to get into your system in the future. If any of your vendors, customers, or suppliers become compromised, block all access from these accounts until you resolve these security issues.
3) Enforce cybersecurity best practices.
Change company-wide passwords for access to any affected systems. Afterward, install clean data and software backups, preferably from off-site devices not connected to your network. Make sure there are no default credentials that could allow hackers back in.
Then, spread the word. Take steps to train all employees in necessary cybersecurity procedures and policies. Review keeping secure passwords, not sharing personal information, and avoiding emailed links and downloads.
4) Keep your devices covered with an I.T. support managed services plan.
Endpoint devices have become the latest target, and attacks against notebooks and desktops increased by 132 percent in 2016 alone. That’s why it’s essential to strengthen endpoint security. By updating old, outdated, or insecure devices with multiple protection levels, you can secure your company’s valuable data assets.
With estimates placing cybercrime’s yearly financial damage to U.S. businesses somewhere between $500 million to $1 trillion, this is a genuine threat. You will encounter it. If a company as secure as Twitter can succumb to a cyber attack, then your company will inevitably face that threat as well.
Stay Socially Connected
Connect with Cinch I.T. on Facebook, Twitter, LinkedIn, and Instagram using the hashtags #cinchit, #cybersecurity, and #dataprotection.
About Cinch I.T.
Since 2004, Cinch I.T. has been providing customer-focused I.T. services for businesses of all sizes. Every element of our support provides the best I.T. services and the fastest and friendliest network and computer support in the industry. Cinch is one of the nation’s fastest-growing managed I.T. service franchises with 7 locations and counting. To learn more, visit cinchit.com. For more information about I.T. franchise opportunities, visit cinchfranchise.com.